AMENDMENT AND RESPONSE UNDER 37 C.F.R. § 1.116 - EXPEDITED PROCEDURE 

Serial Number: 10/676,231 
Filing Date: September 30, 2003 

Title: POLICY AND ATTRIBUTE BASED ACCESS TO A RESOURCE 



IN THE CLAIMS 

Please amend the claims as follows: 

Claims 1-7. (Canceled) 

8. (Currently Amended) A method implemented in a computer-readable medium and for 
executing on a proxy server the method for policy and attribute based access to a resource, 
comprising: 

receiving a session request for access to a resource, wherein the session request is sent 
from a service and includes alias identity information for a principal, wherein the alias identity 
information includes a random password and a random principal identification password ; 

mapping the alias identity information to identity information of the principal; 

authenticating the identity information; 

acquiring a service contract for the principal, the service, and the resource, wherein the 
service contract includes selective resource access policies and attributes which are permissibly 
used by the service on behalf of the principal; and 

establishing a session with the service, wherein the session is controlled by the service 
contract. 

9. (Original) The method of claim 8 further comprising accessing an identity configuration 
for the principal in order to acquire the selective resource access policies and attributes included 
within the service contract. 

10. (Original) The method of claim 8 further comprising denying access attempts made by 
the service during the session when the access attempts are not included within the service 
contract. 

1 1 . (Original) The method of claim 8 further comprising terminating the session when an 
event is detected that indicates the service contract is compromised or has expired. 
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12. (Original) The method of claim 8 further comprising establishing the service contract 
with the principal prior to receiving the session request. 

13. (Original) The method of claim 12 further comprising reusing the service contract to 
establish one or more additional sessions with the service, wherein the one or more additional 
sessions are associated with one or more additional session requests made by the service. 

14. (Original) The method of claim 12 wherein the establishing further includes establishing 
the service contract with the principal in response to a redirection operation performed by a 
proxy that intercepts a browser request issued from the principal to the service for purposes of 
accessing the resource. 

Claims 15-20. (Canceled) 

21 . (Currently Amended) A policy and attribute based resource session manager, residing in 
a computer-accessible medium and for executing on a proxy server , comprising instructions for 
establishing a session with a resource, the instructions when executed performing the method of: 

receiving alias identity information from a service, wherein the alias identity information 
is associated with a principal, and wherein the alias identity information includes a random 
password and a random principal identification password ; 

requesting a mapping of the alias identity information to principal identity information; 

requesting authenticating of the identity information; 

requesting a service contract for the principal, the service and a resource, wherein the 
service contract includes selective resource access policies and attributes derived from an 
identity configuration; and 

establishing a session with the service and the resource, wherein the session is controlled 
by the service contract. 



22. 



(Original) The policy and attribute based resource session manager of claim 21 having 
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instructions further comprising, permitting the service to indirectly access an identity store which 
represents the resource, and wherein the identity store includes secure information related to the 
principal. 

23. (Original) The policy and attribute based resource session manager of claim 21 having 
instructions further comprising terminating the session when the service contract expires or is 
compromised. 

24. (Original) The policy and attribute based resource session manager of claim 21, wherein 
the requesting of the mapping further includes interacting with an alias translator. 

25. (Original) The policy and attribute based resource session manager of claim 21, wherein 
the requesting of authentication further includes interacting with an identification authenticator. 

26. (Original) The policy and attribute based resource session manager of claim 21 having 
instructions further comprising managing the session by acting as an intermediary between the 
service and a legacy Lightweight Directory Access Protocol (LDAP) application which has 
access privileges to the resource. 

27. (Original) The policy and attribute based resource session manager of claim 26, wherein 
the receiving further includes intercepting a session request that is issued from the service for the 
legacy LDAP application, wherein the session request includes the alias identity information. 



28. (Original) The policy and attribute based resource session manager of claim 27 having 
instructions further comprising managing the session with respect to the service as if the policy 
based resource session manager were the legacy LDAP application. 
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29. (Original) The policy and attribute based resource session manager of claim 21 wherein 
the instructions for establishing the session further includes defining the selective resource access 
policies as at least one of a read operation and a write operation and defining the attributes as 
selective confidential data related to the principal, wherein the policies define operations that are 
permissible on the attributes, and wherein values for the attributes reside in the resource. 



